Avast Webshield

[alanrf]

What you are missing is how browsers work and how antivirus products intercept them to scan the results (just as the person who replied to you in the torpark forum did).

The antivirus products all have the same problem.  Every browser works a different way internally, there are no standards for how browsers work internally and there is no such thing as a quarantine cache in any browser.

The only common feature in all browsers is that they send http requests to http servers at port 80, period - end of common features.

avast and others place a low level intercept in the operating system so that any requests (made by any process attempting to make a connection outbound to any server at port 80) is instead routed to the handler that avast has set up (in this case running at localhost port 12080).  This passes the request to avast, avast then issues the request to the real server so that the results come back first to avast and can be scanned for infection.  If the response in clean it is passed back to the browser - which was completely unaware of the intercept. 

This all works perfectly well for all well known browsers. 

It should work with torpark when we tell avast to intercept port 9050.  I pretty much suspect that the developer has, as part of his concern for privacy, decided to ignore requests that are redirected to the tor process instead of coming directly from portable Firefox.  After all - that redirect might be from code placed by a security agency.  The same developer has effectively told users (in the quote I posted) that it does not matter that an antivirus product scan the results of the web accesses too.  I can only suggest that this is an issue that you could take up directly with the product developer.         

I doubt that one Web browser or one antivirus will be modified to work with torpark. The
major browsers are used by hundreds of millions, the antivirus products by at least tens of millions,  torpark may attract a few thousand users.  In the places where torpark will be really useful all access to the tor servers will be blocked, in other places it will probably be thought  (however unreasonably) that anyone wanting to use torpark is doing so for unsavory or dangerous purposes.  In any of these cases - major software developers will not want to be seen as catering to those causes. 

Incidentally, your concept of a quarantine cache was one that the developers of Thunderbird came up with for email - apparently in total isolation and without consultation with antivirus producers.  I have heard of it working with one antivirus product - all of my tests show it not working with any antivirus I have tried.  The same developer of torpark has produced torbird - an email equivalent based on Thunderbird.  Users of that may also find that their email cannot be scanned by an antivirus product too.

[alanrf]

Just an afterthought.

I was pondering torpark over dinner. 

I got involved in this thread, not because I want to use the product - it is far too slow for real use, but because it represented an interesting technical issue.

It occurs to me that I, and possibly cshinn101 too, have been looking at this from the wrong perspective. 

I cannot know the incentive for the developer to create this product but I suspect that it may have been the challenge to develop a method of truly anonymous browsing that could be placed on a keychain USB device, relied on nothing but the Windows operating system of the host computer, could not be intercepted by software on the host computer and left no trace on the host computer when the USB device was removed.   

If that was the technical challenge the developer was seeking to overcome then I think the result is actually quite successful and the developer is to be congratulated.

Again, I must not attempt to put words in the mouth of the developer but I think the response from the developer to a user, like cshinn101, would reflect the post of Smith above.  If you want antivirus scanning of the web access results then you are free to install regular Firefox and regular tor.  avast will be able to intercept the http accesses of Firefox before they go to tor for encryption and the results will be scanned on the way back.  There you have the advantages of both Firefox and tor plus antivirus scanning while torpark is intended for those who want to guarantee almost total stealth and no traces at the expense of forgoing antivirus support.   

 

[cshinn101]

Firstly I appreciate the responses of alanrf. It is always easier to formulate thoughts with informed combat .
As the enquirer it is my duty to be the guinea pig. I have installed & run tor with regular firefox. It gives exactly the same performance as torpark. All avast intercepts terminate at the tor directory servers.
Unless anyone else has a bright idea I guess I am SOL for achieving my goal  .

[alanrf]

I just downloaded regular Tor and I am running it now with the current production version of Firefox.  I also installed the recommended Torbutton extension that gives you the ability to toggle Tor on and off.  This sets up Privoxy as a proxy in the Firefox connection settings using localhost:8118

Then, in the avast Webshield I added port 8118 to the redirected ports and unchecked the "Ignore local communication" box.

Net result - Firefox web accesses are going through Tor and are also being scanned by avast.

Edit: interesting to see my post contains a completely different IP address from normal.

[cshinn101]

Thank you alanrf. This works for me too!